CVE-2024-32407
https://notcve.org/view.php?id=CVE-2024-32407
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. • https://book.hacktricks.xyz/v/jp/pentesting-web/ssti-server-side-template-injection https://cxsecurity.com/issue/WLB-2024040049 • CWE-918: Server-Side Request Forgery (SSRF) CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-31621 – Flowise 1.6.5 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. • https://www.exploit-db.com/exploits/52001 https://flowiseai.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-29991 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29991
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web security feature to execute arbitrary code on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29991 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-32038 – Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32038
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wazuh. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327 • CWE-122: Heap-based Buffer Overflow •
CVE-2023-50260 – Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
https://notcve.org/view.php?id=CVE-2023-50260
An attacker can inject an arbitrary command into the `/etc/hosts.deny` file and execute arbitrary commands by using the spawn directive. ... So, it can lead to LPE on the server as root and RCE on the agent as root. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wazuh. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection') •